Back to Search Start Over

Data-Driven Anomaly Detection and Event Log Profiling of SCADA Alarms

Authors :
J. R. Andrade
C. Rocha
R. Silva
J. P. Viana
Ricardo J. Bessa
C. Gouveia
B. Almeida
R. J. Santos
M. Louro
P. M. Santos
A. F. Ribeiro
Source :
IEEE Access, Vol 10, Pp 73758-73773 (2022)
Publication Year :
2022
Publisher :
IEEE, 2022.

Abstract

Network human operators’ decision-making during grid outages requires significant attention and the ability to perceive real-time feedback from multiple information sources to minimize the number of control actions required to restore service, while maintaining the system and people safety. Data-driven event and alarm management have the potential to reduce human operator cognitive burden. However, the high complexity of events, the data semantics, and the large variety of equipment and technologies are key barriers for the application of Artificial Intelligence (AI) to raw SCADA data. In this context, this paper proposes a methodology to convert a large volume of alarm events into data mining terminology, creating the conditions for the application of modern AI techniques to alarm data. Moreover, this work also proposes two novel data-driven applications based on SCADA data: (i) identification of anomalous behaviors regarding the performance of the protection relays of primary substations, during circuit breaker tripping alarms in High Voltage (HV) and Medium Voltage (MV) lines; (ii) unsupervised learning to cluster similar events in HV line panels, classify new event logs based on the obtained clusters and membership grade with a control parameter that helps to identify rare events. Important aspects associated with data handling and pre-processing are also covered. The results for real data from a Distribution System Operator (DSO) showed: (i) that the proposed method can detect unexpected relay pickup events, e.g., one substation with nearly 41% of the circuit breaker alarms had an ‘atypical’ event in their context (revealed an overlooked problem on the electrification of a protection relay); (ii) capability to automatically detect and group issues into specific clusters, e.g., SF6 low-pressure alarms and blocks with abnormal profiles caused by event time-delay problems.

Details

Language :
English
ISSN :
21693536
Volume :
10
Database :
Directory of Open Access Journals
Journal :
IEEE Access
Publication Type :
Academic Journal
Accession number :
edsdoj.03bf48654fd4010852a4cac1af87139
Document Type :
article
Full Text :
https://doi.org/10.1109/ACCESS.2022.3190398